Class EncryptionUtil

java.lang.Object
api.mpba.rastvdmy.config.utils.EncryptionUtil

public class EncryptionUtil extends Object
Utility class for encryption, decryption, and hashing operations. This class handles AES encryption and decryption in CBC mode with PKCS5 padding, Argon2 hashing, and secret key management, including key generation and saving the key to and loading it from a file.

The class uses BouncyCastle as a security provider for cryptographic operations. It ensures the presence of a secret key for encryption/decryption purposes, either by loading an existing one or generating a new one if none is found.

  • Constructor Details

    • EncryptionUtil

      public EncryptionUtil()
  • Method Details

    • generateKey

      public static SecretKey generateKey() throws NoSuchAlgorithmException
      Generates a new AES secret key with a key size of 256 bits.
      Returns:
      a new SecretKey for AES encryption.
      Throws:
      NoSuchAlgorithmException - if the AES algorithm is not available.
    • encrypt

      public static String encrypt(String data, SecretKey key) throws GeneralSecurityException
      Encrypts the given plaintext using AES with CBC mode and PKCS5 padding. A unique IV is generated for each encryption and prepended to the encrypted data.
      Parameters:
      data - the plaintext string to encrypt.
      key - the AES secret key to use for encryption.
      Returns:
      the Base64-encoded string of the IV and encrypted data.
      Throws:
      GeneralSecurityException - if encryption fails.
    • decrypt

      public static String decrypt(String encryptedData, SecretKey key) throws GeneralSecurityException
      Decrypts the given Base64-encoded string using AES with CBC mode and PKCS5 padding. The IV is extracted from the first 16 bytes of the encrypted data.
      Parameters:
      encryptedData - the Base64-encoded string of the IV and encrypted data.
      key - the AES secret key to use for decryption.
      Returns:
      the decrypted plaintext string.
      Throws:
      GeneralSecurityException - if decryption fails.
    • generateIv

      public static IvParameterSpec generateIv()
      Generates a random Initialization Vector (IV) of 16 bytes for AES encryption.
      Returns:
      an IvParameterSpec object containing the generated IV.
    • hash

      public static String hash(String data)
      Hashes the given string using the Argon2 hashing algorithm.
      Parameters:
      data - the plaintext string to hash.
      Returns:
      the hashed string generated by Argon2.
    • saveKey

      public static void saveKey(SecretKey key) throws IOException
      Saves the AES secret key to persistent storage. The key is saved in both a primary and backup file for redundancy.
      Parameters:
      key - the AES secret key to save.
      Throws:
      IOException - if an error occurs while writing the key to the files.
    • loadKey

      public static SecretKey loadKey() throws IOException
      Loads the AES secret key from persistent storage. It first attempts to load the key from a primary file, and if not found, attempts to load it from a backup file.
      Returns:
      the loaded SecretKey, or null if no key is found.
      Throws:
      IOException - if an error occurs while reading the key from a file.
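
The data format described for encrypt and decrypt above (Base64 of a 16-byte IV followed by the AES/CBC/PKCS5Padding ciphertext), shown as an added example that is not the EncryptionUtil source. The class name IvPrefixedCbcExample, the input length check, and the use of the JDK default provider instead of BouncyCastle are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration (hypothetical class); not the project's implementation.
public class IvPrefixedCbcExample {
    private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
    private static final int IV_LEN = 16; // AES block size in bytes

    static String encrypt(String data, SecretKey key) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh random IV for every message
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[IV_LEN + ct.length]; // layout: IV || ciphertext
        System.arraycopy(iv, 0, out, 0, IV_LEN);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(String encryptedData, SecretKey key) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(encryptedData);
        // Reject input that cannot hold the IV plus at least one whole cipher block.
        if (in.length < 2 * IV_LEN || in.length % IV_LEN != 0) {
            throw new GeneralSecurityException("malformed IV||ciphertext input");
        }
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        // The first 16 bytes are the IV; the remainder is the ciphertext.
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(in, 0, IV_LEN));
        byte[] pt = cipher.doFinal(in, IV_LEN, in.length - IV_LEN);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256); // same key size the page states for generateKey
        SecretKey key = kg.generateKey();
        String first = encrypt("constructed sample value", key);
        String second = encrypt("constructed sample value", key);
        // Per-message IVs make two encryptions of the same plaintext differ.
        System.out.println("outputs equal: " + first.equals(second));
        System.out.println("round trip: " + decrypt(first, key));
    }
}
```

CBC with PKCS5 padding carries no integrity check, so a caller that needs tamper detection has to add one separately, for example an HMAC computed over the IV and ciphertext and verified before decryption.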